privacy and cookies policy
This document defines the conditions for the processing of personal data (hereinafter also referred to as “data”) and cookies in the area of the theonering.pl online store, run via the website, available at the URL: theonering.pl, hereinafter referred to as the “Store”.
§1. HOW TO CONTACT THE DATA ADMINISTRATOR
The administrator of personal data processed as part of the Store is Adam Bykowicz, running a business under the name THEONE ADAM BYKOWICZ, with its registered office in Józefosław (05-500) at ul. Cynamonowa 7, registered in the Central Register and Information on Economic Activity kept by the Minister of Development, under NIP number 5213104795 and REGON number 365715503.
The Data Administrator can be contacted by phone: 606814062 and using the e-mail address: adam.bykowicz@wp.pl.
§2. ON WHAT BASIS WE PROCESS YOUR DATA
When collecting personal data, we always inform you about the legal basis for their processing. It results from the provisions of the GDPR (Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016. on the protection of natural persons with regard to the processing of personal data on the free movement of such data and repealing Directive 95/46/EC – the General Data Protection Regulation). When we inform about:
• Article 6 point 1 lit. a) GDPR – this means that we process personal data on the basis of the consent received,
• Article 6 point 1 lit. b) GDPR – this means that we process personal data because they are necessary to perform the contract or to take action before its conclusion, at the request received,
• Article 6 point 1 lit. c) GDPR – this means that we process personal data in order to fulfill a legal obligation,
• Article 6 point 1 lit. f) GDPR – this means that we process personal data in order to pursue legitimate interests.
§3. INFORMATION ON DATA PROCESSING FOR THE PURPOSE OF CONCLUDING AND IMPLEMENTING AGREEMENTS, POSSIBLE PURCHASE OF CLAIMS AND DEFENSE AGAINST THEM
1. We may process personal data necessary to perform the contract concluded with you. However, even before its conclusion, we may process personal data necessary to take action at your request The processing of this data is carried out on the basis of art. 6 point 1 lit. b) GDPR.
2. During the performance of the contract and after its performance, we process the personal data of its party for the purpose of possible consideration of claims, as well as their investigation. Our legitimate interest is, for example, the ability to respond to a possible complaint, which we are obliged to do under separate provisions of civil law. In this case, we will process personal data based on a legitimate interest, which is the defense against possible claims or their investigation. The processing of this data is carried out on the basis of art. 6 point 1 lit. f) GDPR.
3. We will store this data for the period necessary to achieve the designated goals, no later than until the claims under separate legal provisions expire.
4. You have the right to access your data, rectify it, delete it, limit processing, the right to transfer data, as well as the right to lodge a complaint with the supervisory authority. In the case of data processing for the purpose specified in point 2, you also have the right to object to their processing.
5. Providing this data is voluntary, but failure to provide this data will prevent the conclusion of the contract or its implementation.
6. The recipients of this data are: our hosting provider, e-mail service provider, IT service provider, transport service providers, provider of accounting services and software used to handle invoices, provider of electronic payment services, provider of legal, consulting and debt collection services and other service providers, which we use as part of the stated purpose.
§4. INFORMATION ABOUT DATA PROCESSING FOR THE PURPOSE OF DIRECT MARKETING
1. We may process your personal data for direct marketing purposes. This happens, for example, when we reply to your message with details of our offer.
2. The processing of this data is carried out on the basis of art. 6 point 1 lit. f) GDPR.
3. We will store your data for the time necessary for the purpose of implementation.
4. You have the right to access your data, rectify it, delete it, limit processing, the right to transfer data, the right to object to data processing, as well as the right to lodge a complaint with the supervisory authority.
5. Providing this data is voluntary, and failure to provide this data will prevent the implementation of direct marketing activities.
6. The recipients of this data are: our hosting provider, IT service provider, e-mail service provider.
§5. INFORMATION ON DATA PROCESSING FOR SECURITY
1. From the moment you launch our website, in order to ensure the security of services, we process such data as:
• public IP address of the device from which the query came,
• browser type and language,
• date and time of the inquiry,
• number of bytes sent by the server,
• URL address of the previously visited page, if the visit was made using this link,
• information about errors that occurred during the execution of the query.
2. Our legitimate interest in this processing is to keep server event logs and protect the Store against potential hacking attacks and other abuses. Including the possibility of determining the IP address of a person performing an illegal activity in the area of the Store, such as an attempt to break security, or the publication of prohibited content, or attempts at unauthorized activities using our servers.
3. The processing of this data is carried out on the basis of art. 6 point 1 lit. f) GDPR.
4. We will store this data for the period necessary to achieve the designated goals, no later than until the claims resulting from separate legal provisions expire.
5. You have the right to access your data, rectify it, delete it, limit processing, object to its processing, as well as the right to lodge a complaint with the supervisory authority.
6. Providing this data is a condition for using the Store. Failure to provide this data will make it impossible to use the Store.
7. The recipient of this data is our hosting provider and IT service provider.
§6. INFORMATION ABOUT DATA RECIPIENTS
When processing personal data, we use external services. Therefore, the recipients of your personal data may be third parties. When collecting personal data, we always inform about these recipients, however, due to the primacy of the message’s readability, we do it briefly. Therefore, we hereby clarify that when we inform about specific categories of recipients, these are the following entities:
• Transport service provider / couriers: InPost S.A, ul. Wielicka 28, 30-552 Krakow; Ship Center Poland Sp. z o.o., ul. Gliwicka 51, 40-0853 Katowice.
• Hosting provider: home.pl S.A., ul. Zbożowa 4, 70-653 Szczecin.
• Email service provider: home.pl S.A., ul. Zbożowa 4, 70-653 Szczecin.
• Supplier of software used to handle invoices: IFIRMA SA, ul. Grabiszyńska 241G, 53-234 Wrocław.
• Provider of legal / advisory / debt collection / accounting services – these service providers are appointed individually, in case of each need.
• Electronic payment service provider: PayU S.A., ul. Grunwaldzka 182, 60-166 Poznań.
§7. ABSOLUTE RIGHTS OF PERSONS WHOSE DATA ARE PROCESSED
When we write about the rights related to the processing of your personal data, we refer to the rights described below. The possibility of using the following rights is independent of the legal basis for the processing of personal data.
Right of access to data
You have the right to obtain confirmation from us as to whether we process personal data concerning you. If this is the case, you have the right to access this data, as well as receive additional information about:
• processing purposes,
• categories of relevant data,
• recipients or categories of recipients to whom the data have been or will be disclosed, in particular recipients in third countries or international organizations,
• if possible, the planned period of data storage, and if this is not possible, the criteria for determining this period,
• the right to demand from us rectification, deletion or limitation of data processing, to object to such processing, as well as the right to lodge a complaint with the supervisory authority,
• data source, if your data was not collected from you,
• automated decision-making, including profiling and the rules for making decisions, as well as the importance and expected consequences of such processing for you.
After receiving such a request, we are obliged to provide a copy of the personal data subject to processing. If such a request is received electronically, and unless we receive a different objection, we will also provide information electronically.
Right to rectification
You have the right to request us to immediately rectify inaccurate personal data concerning you. Taking into account the purposes of processing, you have the right to request completion of incomplete personal data, including by submitting an additional statement.
Right to erasure (to be forgotten)
You have the right to request us to delete your personal data immediately. We are then obliged to delete personal data without undue delay if one of the following circumstances applies:
• you have withdrawn your consent to the processing of your personal data and we have no other basis for processing them,
• you have filed an effective objection to the processing of data concerning you,
• your personal data has been processed unlawfully,
• Your personal data must be deleted in order to comply with a legal obligation,
• Your data has been collected in connection with offering information society services.
Right to restriction of processing
You have the right to request us to restrict processing in the following cases:
• when you question the correctness of the data – for a period allowing us to check their correctness,
• the processing is unlawful and you oppose the deletion of the data, requesting the restriction of their use instead,
• we no longer need personal data for the purposes of processing, but you need them to establish, pursue or defend claims,
• you have objected to the processing of your data – until it is determined whether the legitimate grounds on our part override the grounds for your objection.
Automated decisions, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
The law does not apply if this decision:
• is necessary for the conclusion or performance of a contract between you and us,
• is permitted by EU law or the law of the Republic of Poland and which provides for appropriate measures to protect your rights, freedoms and legitimate interests, or
• is based on your express consent.
Right to lodge a complaint
You have the right to lodge a complaint regarding the processing of your personal data to the supervisory body: President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warszawa, tel. 22 531 03 00, fax. 22 531 03 01, e-mail: kancelaria@uodo.gov.pl.
§8. RELATIVE RIGHTS OF PERSONS WHOSE DATA ARE PROCESSED
When we write about the rights related to the processing of your personal data, we refer to the rights described below. The possibility of using them is each time dependent on the legal basis for the processing of personal data.
The right to withdraw consent to processing
Where we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. Naturally, the withdrawal of the consent granted does not affect the lawfulness of the earlier processing of personal data.
Right to data portability
You have the right to receive your personal data provided to us in a structured and commonly used machine-readable format. You also have the right to send this personal data to another administrator without any obstacles on our part, if the processing takes place:
• on the basis of consent or on the basis of a contract, and
• in an automated manner.
When exercising the right to transfer data, you have the right to request that we send your personal data directly to another administrator, if it is technically possible. This right must not adversely affect the rights and freedoms of others.
Right to object
If we process your personal data pursuant to art. 6 point 1 lit. f) GDPR, you have the right to object to the processing of this data for reasons related to your particular situation.
Then we are no longer allowed to process this personal data, unless we demonstrate the existence of:
• valid, legitimate grounds for processing, where these grounds must override the interests, rights and freedoms of your person, or
• grounds for establishing, pursuing or defending claims.
Also, if you object to the processing of your personal data for direct marketing purposes, then we will not be able to process it for such purposes.
§9. COOKIES – INTRODUCTION
The Store’s website uses cookies. These are commonly used, small files containing a string of characters that are sent and saved on the end device (e.g. computer, laptop, tablet, smartphone) used when visiting the Store. This information is sent to the memory of the browser used, which sends it back the next time you visit the website. We can categorize cookies according to three division methods.
In terms of the purposes of using cookies, we distinguish three categories:
• Necessary files – these files enable the proper functioning of the website and its functionalities, e.g. authentication or security cookies. Without saving them on your device, it will be impossible to use the website.
• Analytical files – these files enable monitoring of opened websites, traffic sources, time spent on the website. Without saving them, the use of website functionality will not be limited.
In terms of their validity, we distinguish two categories of cookies:
• session files – existing until the end of a given session,
• persistent files – existing after the end of the session.
In terms of distinguishing the entity administering cookies, we distinguish:
• our cookies,
• third party cookies.
§10. DATA ADMINISTRATOR COOKIES
The cookies we administer allow you to:
• protecting the Store against hacker attacks,
• “remembering” by the browser the content of fields of completed forms (optional),
• “remembering” items added to the basket by the browser.
Thanks to this, using the functionality of the Store becomes easier and more pleasant.
§11. CONSENT TO USE AND MANAGE COOKIES
With the exception of essential cookies, their processing is based on the user’s consent.
Consent to the processing of cookies is voluntary and may be withdrawn at any time. However, it should be remembered that the lack of consent to the use of some cookies may result in restrictions on the use of the Store and its functionality, and even prevent its use.
Consent to the processing of cookies may be granted:
• using the settings of the software installed in the telecommunications end device used by the user,
• by using a button containing a statement of consent to the processing of cookies or confirmation of reading its terms,
• using the settings available in the website area.
§12. CACHE
When you use the Store’s website, we may automatically use the cache installed on your device. As part of local memory, it is possible to store data intersession, i.e. between subsequent visits to the Store’s website. The purpose of using the cache is to speed up the use of the Store by eliminating the situation where the same data would be repeatedly downloaded from the Store, thus burdening the user’s internet connection. The cache may also store data such as your login password.
§13. LINKS TO OTHER WEBSITES OR SOFTWARE
The Store may contain links to other websites or software. We are not responsible for the rules of compliance with the privacy policy and the processing of cookies in these websites or in this software. We recommend that you read the privacy and cookie policies of these websites or software after accessing them or before installing them.
§14. CHANGES TO THE PRIVACY AND COOKIES POLICY
1. The privacy and cookie policy comes into force on the date of its publication on the Store’s website.
2. The Privacy and Cookies Policy is changed by publishing its new content on the Store’s website.
3. We publish information about the change of the Privacy and Cookies Policy in the area of the Store’s website, no later than 3 days before the date of its new wording.